All right. So right off the bat, I just want to say that I'm disappointed that my, like, talks on security unit testing just don't get this many people, right? That's probably more important. So we're just going to switch it up and that's what we're going to talk about instead. Okay. All right. All right. We'll talk about the Hacker Tracker. So right off the bat, I'm Seth Law. I'm an application security consultant. I've done development in the past. I actually started my career at Iomega. Anybody here remember the Zip drive? Yeah? Okay. I was not responsible for the click of death. That was not me; blame the hardware engineers, right? If you lost data, that was not my fault. That dates me. I've been around for a long time. I've been coming to DEF CON since DEF CON 8 or something like that. But now I just do application security work. I'm an independent consultant. So that's me. I do the iOS version. I'm going to turn it over to Whitney really quick. I'm short. How's this work? Hi everyone. I'm Whitney Champion, short stack. I've been doing the Android version of Hacker Tracker since 2012. So I'm a systems engineer out of South Carolina. Android is a hobby for me. That's why this guy's here now. But yeah. Thank you guys for coming. Hey guys. I'm Chris, also known as advice dog. I met Whitney at DEF CON 24 and started talking to her about Hacker Tracker because I liked using it. But I was like, I feel like it could be better, right? And it was open source. So I was really excited. I'm like, oh, I can totally commit to this. You know, I can change things. And I started talking to her and she was totally cool with me changing things. So I joined the team, started working things. And I took over DEF, the Android version for Hacker Tracker for 25 and 26. So the current version, yeah. I've done a ton of rewrites. Pretty much it's a whenever I'm bored, I guess I just look at Hacker Tracker and I'm like, how can it be better? So any performance you enjoy?
I spent way too much time on it. That is a running theme as we spend too much time on it. I've got my family here. They know like the last couple of weeks, especially every spare moment of my time has been, all right, can I get this in so I can get it into the App Store so we can actually get it into the iOS version. So the first thing we're going to talk about is where it came from. I joined the Hacker Tracker team or the iOS version was started in about 2014. I think it was something like that, right? So it was a couple of years after Whitney did the first one. So we'll let her talk about what she came up with and then we'll move on to, you know, when iOS came and, you know, how we've done things. What happened was, what had happened was, so I wasn't able to go to DEF CON at 25. I've been coming since 2009. I was really bummed that I couldn't be there that year. So I wanted to give back in some way. I still wanted to contribute. I was pregnant and couldn't leave. So I spent probably two months pretty much pouring my heart into what was the first version of Android, which is what you see here, which is don't knock the awesome Photoshop skills. I know it's just mind blowing, but that if you came, the first version was like 2012, 2013, that is what it looked like. And it's just beautiful. So that was the first four years. And as Seth said, he joined a couple of years later and did the iOS version. The iOS version. You'll notice that, you know, that all the margins are off and things like that. We had a lot to learn about actually how to put this together. Again, you know, awesome Photoshop skills. As you can see, nowadays we've got actual designers that work with this a little bit. We'll get into that a bit later. But you know, the first iOS version, I think the version that made it through the App Store that most of the attendees downloaded actually crashed for the first two days of the conference, right? It was not necessarily in my case, it's a successful effort.
I remember being pretty disappointed that I couldn't push through the version that I wanted people to have. And that's traditionally, that's what happens to us is we have these ideas. Chris pushes something, we talk about it, we put it into the app and then whether or not it actually makes it out to you is another story. That being said, we've had a lot of great feedback. So we'll step into some of that here in a minute. Now it's official, right? This makes us happy. DEF CON actually brought us on board. When was that? It was right after you joined us. Yeah, so it was what, 2015, 2016, I think it was, was the first year that Hacker Tracker was the official app of DEF CON. And now, actually Chris and I this year are members of the Infobooth team. So we are related to the guys that you're seeing sitting around in the booths telling you about maps and other things. We're working with them closely. Melos helped us out immensely to actually get events and get them into the application. But we are the official application for DEF CON. Obviously, that's why we're here. That's why they promoted at each of those Infobooths. It's so that you have this information at the palm of your hands. I mean, part of the reason that I wanted to do it initially was the fact that I had the booklet and it just wasn't tenable. I had my phone with me as well. And I got involved because I wanted to be able to track all these different events and actually do something. I saw that Whitney had the Android version and thought, yeah, we can do that on iOS as well. Pain points. Now there are a lot of pain points. First off is scheduling. Do you want to talk about this? Yeah, so scheduling for the first like three, well actually until this year. So Seth will get into his part of this after I talk about how difficult hand jamming thousands of lines of JSON was for the first several years. It was mind-numbing. The other part was all the villages, all the like contests, all the events, all the talks.
Everything was in a different format. So there was no like easy way to go scrape every website. There was no easy way to get all the data. It was very much a manual process. So I don't know how many hundreds of hours we spent staring at these files. But my God, I'm glad that those days are over. Especially this year, there's what like 28 villages, something like that. And every single one has a different format. So hopefully that will ease up going forward. So yeah, if you've never handwritten JSON files and made sure that the modified date has changed at 2am, you just haven't experienced joy, right? It's really easy to do and really easy to mess up. And then the application crashes. Or if you're dealing with the iOS, you know, JSON parser and happen to have an errant, you know, new line character inside of a string, you want to know what happens to iOS? Yeah, it crashes, right? So there's all of these pain points that we have dealt with with the schedule. Now the next one is, you know, don't trust the hackers. The first, well, I mean, as soon as I got involved, we started advertising out on Twitter. Hey, guess what? We've got this app that we built for DEF CON. How many people do you think actually downloaded the app that first year? Guesses? Five? There's some trusting people. There's more trusting people out there than that. But our biggest response on Twitter was exactly this. No, no, no, there's no way I'm downloading that, right? You know, you guys are shady. It doesn't matter that the source code was all out there. They're like, who are you nerds putting out this app, especially for the Android version? Because, you know, that's just kind of a free for all. But they're like, there's real kids. Don't do it. There's they're going to take your data. They're going to steal your pictures. Don't install any of it. So. And so the answer is yes, we have all your data. Right. Just let's just get that out of the way. We'll move on. It's more supposed to say that.
Sorry, sorry. Okay, the other thing is bug fixes at all hours. How many people here are actually like iOS developers that push things into the App Store? We got a couple of you. I feel your pain. How easy is it to actually push bug fixes into the App Store quickly? Easy? No, it's very difficult, right? And we'll get into this in a little bit. But you know, this was realistically our lives over, especially the month before DEF CON, right, is the bug fixes and when that actually has to happen. See, I had the luxury of being able to blast anything to production at three o'clock in the morning after six shots. And who knows what's going to happen. So that was that was a toss up between Android and Apple for us. Yeah. Seth had a little more validation on his end. I did. And it's about finding time. I mean, obviously, we're we've got normal jobs, right? I guess kind of normal jobs, normal jobs. And so actually finding the time to put this together, it's not necessarily something that, you know, just happens in one afternoon as much as we would like to think we're great developers. There's always bugs. There's always things that doesn't happen in the afternoon. No, it just doesn't happen afternoon. It happens at three a.m. When you push directly to master. That's when it happens. After the kids. Yeah. All right. Waiting on redacted. Anybody seen like the mobile operating system in the iOS version? Yes. Why do you think that is? Okay, this is the app review process. Okay, we get random people that are looking at the application. And I've marked the app as explicit. But you want to know what all right, so it's okay for in the app for us to say damn and hell and shit and everything else. But you know what I can't say? Jailbreak. Just I can't say that. That's not okay. So last year, especially this became a huge issue. I've had I've had I just got rejected, you know, three days ago again on the latest version that I want you guys to have in your hand for iOS.
And it's because it says hack. And it says, you know, there's other things that are in there that whoever it is that's in the app review process that's looking at the application actually thinks is hey, you're promoting hacking. There's like the whole Apple terms of service and like we're doing our best is realistically what it is. And we're coming up with ways to actually get around this. So the redacted in there that you're seeing is because we yeah we've just learned that if we do that, if we take out the term watchOS or we take out the term macOS that they accept it. But if we don't, and it happens to be in somebody's talk, then they won't. Right. So I feel really bad for the speakers whose whose title of their talk is jailbreaking macOS or something like that because it's, you know, redacted in redacted OS. Right. Sorry. That's all that's all I can do. We're doing our best. Okay. So last year we did it. We did a big overhaul. And even this year you'll notice it's a lot different than those images that we put up there first. I'll let Chris talk to the Android version first. Sure. So DEF CON 25 was the first version that I came on to it. So I did a ton of different changes and all that stuff. So pretty much from the ground up I rebuilt the app probably multiple times over the year just because I got a lot of free time. But like a lot of the focus is just trying to figure out exactly how we can make a like a hacker conference good in terms of schedule because we don't really know. There's like guidelines I guess out there of like what we could do and what we can't do. But we're trying to figure out exactly what kind of information you need and like what you want and everything like that. So we're also trying to do a lot of stuff just like everything from the ground up rebuild it and make it impressive you know from like and like I've rebuilt it multiple times also for DEF CON 26.
Like for that example for last year Hacker Tracker on Android was about 19 megabytes. This year it's about 4.2. It is insanely small. It should be the fastest smallest app on your phone hopefully. And that's pretty much what I've been doing is just trying to make the best app for you guys you know because I found if I hate it then you're probably gonna hate it you know if it bugs me it might bug you but it'll probably bug you eventually. Yeah so the whole idea is that we want it to bug you right. Like I even just saw a bug pop up on my phone on the reminders for iOS that's yeah. But last year we did a pretty extensive overhaul of iOS as well. We've got the animations that are in there if you've seen like the little jitter as it starts up you know that's us stealing I mean that's us just animating the initial screen that you're on right. It's not sending data anywhere right. But along those lines we've upgraded right. We don't support iOS 9 anymore like I may try and push a version out there especially for those of you that have burner phones that have decided that that we're all going to hack you because you're here. Yeah so we may support that in the in the future I'll do some downgrades to make sure that we can actually support some of those older versions of iOS but that is kind of a forward-looking thing. When I tried to compile it initially I got a whole bunch of error messages for iOS 9 and so I scrapped it right. There's only so much time in the day. The other thing that we did last year was the UI redesign we actually engaged with a graphic designer Chris Mays who may be here in the room somewhere Chris, are you here? All right I don't see him. Chris actually worked for a company last year and their graphic designer was willing to chip in and help us actually do some of the UI design.
So a lot of the elements that make it look a little bit more polished came from her. That was Megan. She's listed in the iOS app, and it has made things more streamlined, it's made it's easier to actually use and navigate. The one thing that we did away with this year was the tab bar down at the bottom for iOS. We moved to the menu so that we're trying to get more of a unified look and feel. The other thing is we do support multiple conferences. Has anybody here used Hacker Tracker at a different conference? No? Oh, we had a couple. Okay, yeah, they're nowhere near as big as DEF CON. DEF CON is definitely our primary conference, but we support ShmooCon, ToorCon, we did HackWest, we did a couple BSides events during the year. So if you would like to use Hacker Tracker at other conferences, just hit us up on Twitter. It's not difficult. We've structured the app so we can load different conferences there and make it easier to use and a community resource. The whole idea is the code's out there, it can be reused. These other conferences could compile it, but we've got the ability to actually switch and use it within the same interface. Okay.
All right, so high points. So I think one of the most fun parts of the last few years that we've had is hiding Easter eggs in the app. So several people have come to me to hide things for different contests, specifically the DC Darknet Challenge. That's been one of my favorites because we've done that probably three, maybe three years now. Um, we, one year I had a password in the app and a bunch of you came to me to get the most ridiculously dumb unicorn sticker, and I don't know why any of you took the time to come find it because it's horrible, but there it is. Seth went to the trouble of making stickers and hiding things in the iOS version as well. So it's, it's been a lot of fun to, like, engage everybody and just try to do whatever we can to get other contests and events of all involved. This has been especially interesting. Um, we've gotten good attendee feedback, we've gotten bad attendee feedback, and we've gotten weird attendee feedback, but the good attendee feedback has been by and large the best. Um, especially since Chris joined and put in a lot of work. Um, I don't have nearly as much time anymore to, to contribute, so he's done a huge, uh, it's been a huge effort on his part, um, to make it as awesome as possible for you guys on his end, and, and so is that. So the reviews that you guys have given us are just amazing, and especially, like, the ideas you've come back with, like feature requests, bug fixes, bug reports, like, all that stuff has been amazing. So just, like, keep sending that because it helps us and it helps us make it better. Yeah, just one thing. Okay, if you, if you review us four stars, say some schedule items are wrong, just hit us on Twitter. Please don't, don't ruin our rating. Well, we're trying, you know. Hit us on Twitter, we'll fix it. Hard that rate it individually because I, all the negative feedback, I get an email, I read it, I get depressed. It's not great. Think about my feelings first. Don't make Chris cry. Don't make Chris cry. This is probably my favorite email I've gotten so far, um,
there's been a lot of worse ones, but this is definitely the best. My email's been hacked. When I reply to certain people that tells me it came back unreadable with crazy text covering up my info. But bottom line, the last part is the best: if it does, will it report the hacker to the police? No, um, it will not. I never heard back from this guy. Um, I also did not respond. So, so I mean, I thought about, but he says, I've been having issues with cyber stalking. So I, uh, I decided to avoid that one. So, uh, like we were saying, last year, uh, Chris took over the Android version. Chris Mays, uh, has helped me out immensely on the iOS version. Um, he's like a full-time iOS developer. Uh, he's on the, he's in the app. If you, if you see his name, you know, click on him, give him kudos as well, because he's been a huge help and actually debugging and making sure that the app runs expectedly, it doesn't crash. Um, you know, a lot of good just kind of overall design patterns and things like that have come from his brain. Um, I was hoping he was here so we could, you know, recognize him a little bit, but that's fine. But otherwise, right, just getting feedback from you has been the best thing, right? If you use the app and there's something that bugs you, like Chris said, let us know, tell us about it. If you haven't downloaded the app, go download the app and use it. Make sure and update the events because it is being updated every, yeah, pull, pull to, pull down to update, because that'll actually get you the latest results and the latest, uh, events that are going on and what's going on right now. Um, but let us know if those are wrong, but also let us know if there's something in the app that, that is an issue, especially if the app crashes, right? So we've got a whole bunch of lessons learned, right? Um, first of all, haters are going to hate. Yeah, so some of you are mean, just saying. Um, the first couple years, the first four years, um, at least from my end, was soloing this, which means, like, a lot of late nights staring at this, and then I would get
on the reviews page and I'm like, holy shit, you people can be evil. I already know this because we're on Twitter, we've seen the worst of the internet, but, um, uh, I think it definitely garnered some thick skin over the years. Um, so yeah, the three of us have poured a lot into this and we've realized you can't please everybody, so the best we can do is just try to make it as good as we can for all of you guys. But I will say it has been highly entertaining reading some of the stuff that we've gotten over the last, what, six years? Yeah, I don't know what you got on your end. Oh, all the iOS developers, they're totally trustworthy and nice people. Um, the other thing we've learned is that, like, taking feedback, right? Obviously Twitter is a great way to do this. Um, you can hit us up, that's why our handles are there in the applications. But aside from that, if you hit us up on GitHub, that's where we're actually tracking the code, and you put in a, you know, pull request or you put in an issue, we will track it in there and close it out so you know that, that we've looked at it and we've done something with it, right? Yep. We do have to wait. I, you have to wait, I have to wait, I have to wait. Like I said, there's a version that's out there that's hopefully going to be released soon. I get denied on expedite requests. I, I'm waiting on jailbreaks, whatever, right? You know, the other thing that I was thinking is that we could push it to, like, Cydia, uh, the, you know, the jailbreak store. Is anybody here using a jailbroken device, even as a burner? Wow. So, I mean, if there's enough of you that are doing it, then I'll look into it. We'll push it that direction, because it'd be a lot easier for me to be, to push in there for saurik than it is to actually push into the App Store. I just am not sure if Apple's going to be too happy about that. You never know. Backup plans. You have to have backup plans, right? I think we've kind of learned that we don't have a solid backup plan yet. Um, so we've, we've tried various different ways of
scheduling, and this actually ties into what you've built over the last, I don't know how long you've been working on that, on your event manager. So, um, we've tried pulling from the info booth, we've tried static JSON, so we've kind of tried to combine the two of those and have some, like, main dashboard for, um, loading all the events, and because it's just gotten so big and so many villages and so many pieces of this that we've, we've got a stream on it somewhere. Yeah. Guesses on how many events we have in the hacker, in Hacker Tracker this year? All of them? I wish, but I don't think we have gotten there. How much, how many did you say? Okay, keep going up, keep going up, keep going up. Close. Just under 1000. We're probably around 800 right now that you can actually do, and that's between parties, events and all the different talks, contests and, yeah, especially the villages. I mean, we were at 25 plus villages this year, and each village is basically its own conference, right? Some of those villages, the content, like the content that is there, is bigger than the other conferences that we've been talking about. Uh, so, you know, we're trying to give you ways to actually filter things and actually, you know, do searches. That's where you're going to have to become familiar with to actually get that data pack, right? Okay, so going forward. First of all, we, we want it to be more streamlined, the whole process, from the feedback to you to actually us getting the features out. The iOS Android parity, to make sure that they look somewhat similar so the experience on both is the same. Now that is difficult based on the design patterns from Android or from Google versus the design patterns from Apple, but there's a lot of different apps that do this. We're gonna, we're kind of creating our own look and feel and we will be, you know, maintaining that parity to some extent, right? Um, the scheduling application, like Whitney said, we built a back end to Hacker Tracker, um, and if you can find it, insert an event, uh, kudos to you, right?
Um, that's, uh, yeah, that would be a challenge, but most likely you won't be able to, to figure out where it's at, so it's fine. Um, it's fine, don't worry about it. I know, I did, that was stupid. Um, I have been here for too long. That's, yeah. Yeah, so the scheduling application is going to make this a lot easier. We are coordinating, like I said, with the info booth. Uh, next year, I, we're probably going to take over info.defcon.org, right? Um, and so we're hoping that we'll be able to bring that into parity with what the app looks like. Uh, just depends on the time. If you are interested and have development skills and want to jump in and help us out, let us know. I, we're always looking for more people to help. I mean, how many hours did you spend inputting? Yeah, if anybody likes data entry, join us, join us. We need a mindless factotum. Who's out there? You can't leave until we find one. Come on. More conferences. Like I said before, uh, if you're attending a conference and they don't have a scheduling application, let us know. We'd be happy to add that data to Hacker Tracker, to the back end, and actually push that out so it becomes more useful. I, realistically we want this as the go-to for not just DEF CON but for the community, for the wider security community, or a development community for that matter. I mean, how many people have used an ad, did you use the Black Hat app this year? How awesome was that? Yes, that was great. Yeah? No? Okay. All right, well, that, that's all I'll say on that. Feedback is always welcome. Did you want to say something? I know. Um, so as always, like Seth said, feedback is always welcome. Um, hit us up on GitHub, hit us up on Twitter. If you want to contribute, do so. It's all open source, it's all out there. Um, the three of us are responsive pretty much all the time. Yeah, if you want to contribute, please do. We would love to have you and we would love to help. Yeah, yeah. Okay, it's open source, but please don't be too critical. We're on a time crunch, things are messy, we'll fix it up later. Next year,
next will be better. Any questions? I, I think we only have a couple of minutes before the DEF CON 101 panel's coming in here. Yeah, whenever you pull. Yeah, whenever on iOS, whenever you pull. On Android there is a, there's a full, should be seven days, could be 15 minutes, I don't know. It's mainly about how Android and WorkManager, I kind of specify seven days, but it'll kind of, hopefully if you're on Wi-Fi, it's like, oh, I'll do it now or whatever, you know. So you can also do it manually. So you can also turn, where we're throwing in updates, like, this whole week it's been pretty much hourly that we've been adding events. So just, yeah, just swipe down. Just like when you go to that first event screen, just swipe down, let it refresh, because there's other stuff that's being added in, those, those dates change. And we're getting told that we need to leave the stage. So we got 10 more questions before we'll leave. No, no, I, wait, wait, no, no, I need the mindless factotum first. All right, well, uh, thank you for using the application. Follow us on Twitter, leave us feedback, and I hope it's useful. That was the whole reason that we built it, as we wanted something so it works for us, but if it doesn't work for you, it's not, you know, it's not as cool. So, um, yeah, so download it, download us, download it, and let us know what you think. Okay. Like, comment and subscribe.